Have you ever searched Google for a reputable tool, such as Homebrew or LogMeIn, and simply clicked the first ad? Be careful: that ad may not be genuine. Security researchers have discovered that some ads promote repackaged versions of these apps that deliver information-stealing malware by way of Google search results.
So what is going on?
Many hackers are scamming customers using Google Ads. They purchase ads for tools you might be familiar with:
• Homebrew, which is installed on macOS and Linux,
• LogMeIn, which is used to provide remote access,
• TradingView, which is used for finance and charting.
So, how does this work?
- You type "Homebrew install" into Google.
- You find a working ad and click it.
- The ad takes you to a replica site that looks nearly identical to the authentic one.
- The copycat website instructs you to copy and paste a command into your terminal or command prompt.
- Once you run that command in your terminal, it installs malware in place of the actual program.
This malware can steal:
• Usernames and passwords
• Cookies from your browser
• Crypto wallet information
• Device information
The malware includes AMOS (Atomic macOS Stealer) and Odyssey Stealer. Frightening, isn't it?
The Potential Dangers
It seems real
These fraudulent websites look genuine: they use generic logos and a similar layout. You may not even know they are fake if you don't closely inspect the URL.
It takes advantage of trust
As a general rule, we often copy and paste commands from legitimate websites. Hackers take that trust and simply infect your computer. It's all done with one wayward command.
It's looking for something valuable
They are looking for anything they can profit from: saved passwords, crypto wallets, personal information, and login information.
How to Stay Safe
Here are a few easy steps you can take to protect yourself:
• Check the URL. The correct Homebrew site is brew.sh; a fake site may be brewe.sh or brew-install.com.
• Do not trust ads, even at the top of Google. Just because it is popping up does not mean it is safe.
• Bookmark the legitimate sites. Saving the correct site so you do not have to search for it greatly increases your chances of actually ending up on the correct site.
• Do not copy/paste every random command you see. Know where it is coming from before you hit enter, especially if you have never seen it before.
• Keep your computer updated. Keeping your computer updated helps keep known malware off your computer.
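The URL check and the "know where it is coming from" tip can be partly automated. The script below is an added example, not part of the original article: it pulls every URL out of a command you are about to paste and rejects the command unless each host is on your own allow-list. The allow-list contents and the script name `check_cmd.sh` are assumptions.

```shell
#!/bin/sh
# Added example: vet a copied install command before it reaches your shell.
# ALLOWED_HOSTS is an assumption: brew.sh is the only legitimate domain
# the article names. Add the hosts you have verified yourself.
ALLOWED_HOSTS="brew.sh"

# Print the lowercase host of every http(s) URL in the text, one per line.
# The sed steps strip the scheme, then path/query/fragment, then any
# "user@" prefix, then the port, so "https://brew.sh@other.host/" yields other.host.
extract_hosts() {
    printf '%s\n' "$1" |
        grep -oiE "https?://[^[:space:]\"'<>)]+" |
        sed -E 's,^[A-Za-z]+://,,; s,[/?#].*$,,; s,^.*@,,; s,:[0-9]*$,,' |
        tr 'A-Z' 'a-z'
}

# Exit status: 0 = every host allow-listed, 1 = at least one host is not,
# 2 = no URL visible (e.g. an encoded payload), so nothing could be verified.
check_command() {
    hosts=$(extract_hosts "$1")
    if [ -z "$hosts" ]; then
        echo "UNVERIFIED: no URL visible in command" >&2
        return 2
    fi
    status=0
    while IFS= read -r h; do
        case " $ALLOWED_HOSTS " in
            *" $h "*) ;;  # exact host match only; look-alikes fall through
            *) echo "BLOCK: '$h' is not an allow-listed host" >&2; status=1 ;;
        esac
    done <<EOF
$hosts
EOF
    return "$status"
}

# Usage (hypothetical file name): sh check_cmd.sh '<pasted command>'
if [ "$#" -gt 0 ]; then
    check_command "$*"
fi
```

A status of 0 only means the visible download hosts are ones you trust. A status of 2 deserves the same suspicion as 1, because a command that hides its source cannot be checked this way.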